monkey/chaos_monkey/exploit/__init__.py

from abc import ABCMeta, abstractmethod

__author__ = 'itamar'


class HostExploiter(object):
    __metaclass__ = ABCMeta

    _TARGET_OS_TYPE = []

    def __init__(self, host):

        self._exploit_info = {}
        self._exploit_attempts = []
        self.host = host

    def is_os_supported(self):
        return self.host.os.get('type') in self._TARGET_OS_TYPE

    def send_exploit_telemetry(self, result):
        from control import ControlClient
        ControlClient.send_telemetry(
            'exploit',
            {'result': result, 'machine': self.host.__dict__, 'exploiter': self.__class__.__name__,
             'info': self._exploit_info, 'attempts': self._exploit_attempts})

    def report_login_attempt(self, result, user, password, lm_hash='', ntlm_hash=''):
        self._exploit_attempts.append({'result': result, 'user': user, 'password': password,
                                       'lm_hash': lm_hash, 'ntlm_hash': ntlm_hash})

    @abstractmethod
    def exploit_host(self):
        raise NotImplementedError()


from win_ms08_067 import Ms08_067_Exploiter
from wmiexec import WmiExploiter
from smbexec import SmbExploiter
from rdpgrinder import RdpExploiter
from sshexec import SSHExploiter
from shellshock import ShellShockExploiter
from sambacry import SambaCryExploiter
from elasticgroovy import ElasticGroovyExploiter
first commit 2015-08-30 15:27:35 +08:00			`from abc import ABCMeta, abstractmethod`

			`__author__ = 'itamar'`

PEP8 in diff files Add concept of non default timeout for copying SMB files. This is by default 5 minutes. Changed behavior of SMB exploiter if file already exists, we don't assume exploitation is useless and try again. Worse case is we run the monkey after it finished running. Changed behavior if managed to connect to machine to IPC$ over some dialect. If Success, we don't try again. 2016-09-05 22:45:27 +08:00
first commit 2015-08-30 15:27:35 +08:00			`class HostExploiter(object):`
			`__metaclass__ = ABCMeta`
- c&c - support for virtual files (monkeyfs) - ssh exploitation - some linux support issues fixed 2015-09-29 22:58:06 +08:00
Fix CR 2017-10-16 15:58:11 +08:00			`_TARGET_OS_TYPE = []`

Refactor exploit classes to be per-host, and not per exploit type Exploit telemetry has a more consistent format Minor improvements in exploits 2017-10-11 23:05:03 +08:00			`def __init__(self, host):`
Fix CR 2017-10-16 15:58:11 +08:00
Refactor exploit classes to be per-host, and not per exploit type Exploit telemetry has a more consistent format Minor improvements in exploits 2017-10-11 23:05:03 +08:00			`self._exploit_info = {}`
			`self._exploit_attempts = []`
			`self.host = host`

			`def is_os_supported(self):`
Fix CR 2017-10-16 15:58:11 +08:00			`return self.host.os.get('type') in self._TARGET_OS_TYPE`
Refactor exploit classes to be per-host, and not per exploit type Exploit telemetry has a more consistent format Minor improvements in exploits 2017-10-11 23:05:03 +08:00
			`def send_exploit_telemetry(self, result):`
			`from control import ControlClient`
			`ControlClient.send_telemetry(`
			`'exploit',`
			`{'result': result, 'machine': self.host.__dict__, 'exploiter': self.__class__.__name__,`
			`'info': self._exploit_info, 'attempts': self._exploit_attempts})`

			`def report_login_attempt(self, result, user, password, lm_hash='', ntlm_hash=''):`
			`self._exploit_attempts.append({'result': result, 'user': user, 'password': password,`
			`'lm_hash': lm_hash, 'ntlm_hash': ntlm_hash})`
first commit 2015-08-30 15:27:35 +08:00
			`@abstractmethod`
Refactor exploit classes to be per-host, and not per exploit type Exploit telemetry has a more consistent format Minor improvements in exploits 2017-10-11 23:05:03 +08:00			`def exploit_host(self):`
first commit 2015-08-30 15:27:35 +08:00			`raise NotImplementedError()`
code organization #2 2015-11-30 20:11:19 +08:00
Added Elastic attack 2017-09-26 20:43:46 +08:00
code organization #2 2015-11-30 20:11:19 +08:00			`from win_ms08_067 import Ms08_067_Exploiter`
			`from wmiexec import WmiExploiter`
			`from smbexec import SmbExploiter`
			`from rdpgrinder import RdpExploiter`
			`from sshexec import SSHExploiter`
PEP8 in diff files Add concept of non default timeout for copying SMB files. This is by default 5 minutes. Changed behavior of SMB exploiter if file already exists, we don't assume exploitation is useless and try again. Worse case is we run the monkey after it finished running. Changed behavior if managed to connect to machine to IPC$ over some dialect. If Success, we don't try again. 2016-09-05 22:45:27 +08:00			`from shellshock import ShellShockExploiter`
sambacry almost working e2e 2017-08-31 22:50:55 +08:00			`from sambacry import SambaCryExploiter`
Added Elastic attack 2017-09-26 20:43:46 +08:00			`from elasticgroovy import ElasticGroovyExploiter`